Re: [openssl-users] New FIPS 140-2 SE Validation Approved
On 06/30/2015 07:15 AM, jonetsu wrote: The validation is on the ARM platform using Linux 2.4. I am one of those 'unlucky' having to deal with FIPS so please pardon any silly questions. Would this validation be limited to these two aspects ? The validation is limited to the platforms (Operational Environments) listed for that validation, unless you are able to leverage the user affirmation option per section G.5 of the Implementation Guidance document (one of the canons of FIPS 140-2 scripture). And, is there any money-saving advantage at using an already validated OpenSSL when the whole unit (embedded device) qill be going for validation ? Eg. will it save lab time if they know that the OpenSSL used is already validated ? I'm going to guess that you're trying to obtain a Level 2 validation for a product that contains the OpenSSL FIPS Object Module. Yes, the fact that the OpenSSL FIPS module already has a Level 1 validation can help. But, FIPS 140-2 is a tricky business so you should consult with your accredited FIPS 140-2 test lab for advice specific to your unique circumstances. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] New FIPS 140-2 SE Validation Approved
The validation is on the ARM platform using Linux 2.4. I am one of those 'unlucky' having to deal with FIPS so please pardon any silly questions. Would this validation be limited to these two aspects ? And, is there any money-saving advantage at using an already validated OpenSSL when the whole unit (embedded device) qill be going for validation ? Eg. will it save lab time if they know that the OpenSSL used is already validated ? Regards. -- View this message in context: http://openssl.6102.n7.nabble.com/New-FIPS-140-2-SE-Validation-Approved-tp58909p58944.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] New FIPS 140-2 SE Validation Approved
If you don't know or care what FIPS 140-2 is, a hysterical giggle of pure delight and whoop of relief before moving on is fully justified. The SE (Salavge Edition) validation has been approved: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2398 This actually appeared on the evening of the 24th or morning of the 25th, but then disappeared for several hours, and had a broken link to the Security Policy for a few hours after that. So I waited a day before concluding it was here to stay. The SE validation is one of the two 1A SUB validations intended to ransom[*] the hostage[**] platforms in the #1747 validation. The other RE validation has not yet been approved, although it differs from the SE one by exactly six characters and was submitted at the same time. With the execution of the hostages anyway[***] these two new validations may be superfluous. We're not entirely sure and are trying to figure out what the bureaucracy will and won't do with new change letter updates. We've submitted a change letter update for revision 2.0.10 against both the #1747 and #2398 validations, so time will tell. The four presumed clerical errors in the list of #1747 survivors (the Big Blob o' Text) have still not been corrected after 11 days, nor do we have any indication that they are not accidental typos. I'm still assuming clerical error, but we won't know for sure until we get some sort of response. -Steve M. [*] http://openssl.com/fips/ransom.html [**] http://openssl.com/fips/hostage.html [***] http://openssl.com/fips/aftermath.html -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users